03-21-2013 02:38 AM - edited 03-01-2019 02:39 PM
Hi,
I'm trying to set up a lab in order to test the function of a freeradius server to authenticate network access via an LNS, before I introduce it to the live environment.
I have 2 887VA's to play with in a test environment but I don't have a DSL line.
Can I connect together the Ethernet ports of the 2 887's and configure one to act as an LNS and the other to act as a DSL client (I want to somehow tell the dialer0 interface to use PPPoE and use Fa0 as the source). I then want the LNS to assign an IP to the client (served from Radius) in order for the client to be able to access the onward network.
Thanks!
03-21-2013 08:56 AM
Ok, this is what I have so far:
PPP-CLIENT:
====================
interface FastEthernet3
 description ** WAN PORT **
 no ip address
 pppoe-client dial-pool-number 1
 no cdp enable
!
interface Dialer0
 description ** WAN INTERACE **
 ip address negotiated
 encapsulation ppp
 dialer pool 1
 ppp authentication chap callin
 ppp chap hostname test
 ppp chap password 0 test
!
ip route 0.0.0.0 0.0.0.0 Dialer0
!
LNS:
=======================
aaa authentication login default local
aaa authentication ppp default local
aaa authorization network default local
!
username test password 0 test
!
vpdn enable
!
vpdn-group 1
 accept-dialin
  protocol l2tp
  virtual-template 1
 source-ip 192.168.1.1
 local name lab
 lcp renegotiation always
 l2tp tunnel password 0 xxx
!
interface FastEthernet2
 switchport mode trunk
!
interface FastEthernet3
 switchport mode trunk
!
interface Virtual-Template1
 ip unnumbered Vlan192
 peer default ip address pool TESTPOOL
 ppp authentication chap
!
interface Vlan192
 ip address 192.168.1.1 255.255.255.0
!
ip local pool TESTPOOL 192.168.1.10 192.168.1.254
!
Am I missing something? This DSL stuff is really not my domain...
03-27-2013 08:01 AM
I'm still having trouble here.
I've now got 3 887VA's (although I'm sure I could do this with fewer) connected via DSLAM in the lab in a typical deployment:
CPE - DSLAM - LAC - LNS
The DSLAM is layer 2 and is passing Vlan 100.
I'm now using the VDSL interface of the CPE 887VA; I have the feeling the Fa interfaces won't support this.
Here are the configs:
CPE:
===============
controller VDSL 0
 operating mode auto vdsl2
!
vlan 100,2004
!
interface Ethernet0
 description ** VDSL INTERFACE **
 no ip address
!
interface Ethernet0.100
 encapsulation dot1Q 100
 pppoe-client dial-pool-number 1
!
interface Dialer0
 ip address negotiated
 ip virtual-reassembly in
 encapsulation ppp
 no ip route-cache
 dialer pool 1
 dialer-group 1
 ppp authentication chap callin
 ppp chap hostname blah@blah
 ppp chap password 7 xxx
 ppp ipcp dns request
 ppp ipcp route default
 no cdp enable
!
LAC:
=======================
vpdn enable
vpdn multihop
!
vpdn-group LAC
 request-dialin
  protocol l2tp
  domain sydr.mydsl.biz
 initiate-to ip 10.192.24.213
 source-ip 10.192.24.214
 l2tp tunnel password 7 xxx
!
bba-group pppoe global
 virtual-template 1
!
interface FastEthernet1
 description ** USER PORT Fa1 **
 switchport mode trunk
 no ip address
 no cdp enable
!
interface FastEthernet2
 description ** USER PORT Fa2 **
 switchport mode trunk
 no ip address
 no cdp enable
!
interface Virtual-Template1
 no ip address
 no peer default ip address
 ppp authentication chap
!
interface Vlan100
 ip address 10.100.100.2 255.255.255.0
!
interface Vlan2004
 ip address 10.192.24.214 255.255.255.0
!
LNS:
=======================
vpdn enable
!
vpdn-group 1
 ! Default L2TP VPDN group
 accept-dialin
  protocol l2tp
  virtual-template 1
 local name sydrlns
 lcp renegotiation always
 l2tp tunnel password 0 xxx
!
interface FastEthernet2
 switchport mode trunk
!
interface FastEthernet3
 switchport mode trunk
!
interface Virtual-Template1
 ip unnumbered Vlan100
 peer default ip address pool TESTPOOL
 ppp authentication chap callin
!
interface Vlan100
 ip address 10.100.100.1 255.255.255.0
!
interface Vlan192
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2004
 ip address 10.192.24.213 255.255.255.0
!
ip local pool TESTPOOL 192.168.1.10 192.168.1.254
==================================================
My colleague is saying he's seeing MAC addresses on the DSLAM.
I cannot get any L2TP or PPP functionality. Output of 'sh vpdn session' or 'sh ppp all' is always empty. If I enable any kind of VPDN or PPP debugging I never get anything written to the log. This leads me to suspect I've made a fundamental error here.
Any ideas? I know this is probably quite elementary for someone who knows this technology, but I'm stuck.
04-30-2013 04:11 AM
Hi,
Did you get your 2 887va routers working over ADSL using L2TP?
I am trying to do the same and struggling. VPN is up and working but I cannot get it to use Layer2.
I haven't done this for some years and have forgotten lots. Please can you send me your config so I can see how it was resolved.
Thanks,
Dan